﻿<?xml version="1.0" encoding="utf-8" ?>
<Rules xmlns="Sherwood.SignOn.Client.UrlFilter"
       defaultAllowRedirectUrl="myStartPage.com"
       defaultDenyRedirectUrl="accessDeniedUrl.com">

  <!-- 1. Always allow rule-->
  <Rule alwaysAllow="true">
    <url>sherwood\.local</url>
    <users>systemadmin</users>
  </Rule>

  <!-- 2. Always deny (any user) rule -->
  <Rule alwaysDeny="true">
    <url>/Config/</url>
    <users>.*</users>
  </Rule>

  <!-- 3. Allow joebloggs (if not overwritten by other rules) -->
  <Rule>
    <url>sherwood\.local</url>
    <users>joebloggs</users>
  </Rule>

  <!-- 4. Allow joebloggs (but only with a non-persistent session) -->
  <Rule>
    <url>sherwood\.local/Secure</url>
    <users>joebloggs</users>
    <requireNonPersistentSession>true</requireNonPersistentSession>
  </Rule>

  <!-- 5. Allow users with member role -->
  <Rule>
    <url>sherwood\.local/MembersOnly</url>
    <roles>member</roles>
    <requireNonPersistentSession>true</requireNonPersistentSession>
  </Rule>

  <!-- 6. Allow any authenticated user -->
  <Rule>
    <url>brunstad\.local</url>
    <users>.+</users>
  </Rule>

  <!-- 7. Allow any user (also non-authenticated) -->
  <Rule>
    <url>public_website\.com/</url>
    <users>.*</users>
    <requireSession>false</requireSession>
  </Rule>

  <!-- 8. Allow access if referer is somereferer\.com -->
  <Rule>
    <url>sherwood\.local/some_path</url>
    <referrer>somereferer\.com</referrer>
  </Rule>

  <!-- 9. Redirect user with particular role to another page -->
  <Rule>
    <url>sherwood\.local/start</url>
    <roles>welcome_user</roles>
    <denyRedirectUrl>sherwood\.local/not_welcome_page</denyRedirectUrl>
    <allowRedirectUrl>sherwood\.local/welcome_page</allowRedirectUrl>
  </Rule>

</Rules>